/**
 * Lists the pipeline groups the given user may modify.
 *
 * <p>A user for whom {@code isUserAdmin} holds receives the complete list from
 * {@code goConfigService.allGroups()}. Any other user receives only the groups
 * for which {@code isUserAdminOfGroup} holds.
 *
 * @param userName the user whose modifiable groups are requested
 * @return the modifiable group names; empty when the user administers no group
 */
public List<String> modifiableGroupsForUser(Username userName) {
    if (isUserAdmin(userName)) {
        return goConfigService.allGroups();
    }

    List<String> administered = new ArrayList<>();
    for (String candidate : goConfigService.allGroups()) {
        if (!isUserAdminOfGroup(userName.getUsername(), candidate)) {
            continue;
        }
        administered.add(candidate);
    }
    return administered;
}
/**
 * Checks that {@code username} is an administrator.
 *
 * <p>When the check fails, a forbidden outcome is recorded on {@code result}
 * before returning, so callers must stop on a {@code false} return.
 *
 * @return {@code true} for an administrator, {@code false} otherwise
 */
public boolean isUserAuthorized() {
    boolean admin = securityService.isUserAdmin(username);
    if (admin) {
        return true;
    }
    result.forbidden(forbiddenToEdit(), forbidden());
    return false;
}
}
/**
 * Decides whether {@code currentUser} may proceed; only administrators pass.
 *
 * @param currentUser the user being checked
 * @param result      receives a forbidden outcome when the user is not an administrator
 * @return {@code true} when {@code securityService.isUserAdmin} accepts the user
 */
private boolean hasPermission(Username currentUser, LocalizedOperationResult result) {
    boolean allowed = securityService.isUserAdmin(currentUser);
    if (!allowed) {
        // Record the denial so the caller can report it.
        result.forbidden(LocalizedMessage.forbiddenToEdit(), HealthStateType.forbidden());
    }
    return allowed;
}
}
/**
 * Request guard that admits only administrators and administrators of the
 * pipeline group the request refers to.
 *
 * <p>No check is made when security is disabled: every request passes.
 *
 * @param request  the incoming request; the group name is taken from it by
 *                 {@code findPipelineGroupName}
 * @param response unused by this check
 * @throws RuntimeException the exception produced by {@code renderForbiddenResponse()}
 *                          when the current user does not administer the group
 *                          (exact type is not visible here)
 */
public void checkPipelineGroupAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    if (securityService.isUserAdmin(currentUsername())) {
        return;
    }

    String groupName = findPipelineGroupName(request);
    boolean groupAdmin = securityService.isUserAdminOfGroup(currentUsername(), groupName);
    if (!groupAdmin) {
        throw renderForbiddenResponse();
    }
}
/**
 * Admin-only gate for {@code username}.
 *
 * @return {@code true} when the user is an administrator; otherwise {@code false},
 *         after a forbidden outcome has been recorded on {@code result}
 */
private boolean isUserAuthorized() {
    if (securityService.isUserAdmin(username)) {
        return true;
    }
    // Not an administrator: record the denial for the caller.
    result.forbidden(forbiddenToEdit(), forbidden());
    return false;
}
}
/**
 * Decides whether a user may operate on a pipeline group.
 *
 * <p>Access is granted, in order, when security is disabled in the current
 * configuration, when the user is an administrator, when the user administers
 * the group, or when the group itself grants operate permission.
 *
 * @param username  the user being checked
 * @param groupName the pipeline group to look up in the current configuration
 * @return {@code true} when any of the conditions above holds
 */
public boolean hasOperatePermissionForGroup(final CaseInsensitiveString username, String groupName) {
    CruiseConfig config = goConfigService.getCurrentConfig();
    // With security disabled nothing is checked: every user is allowed.
    if (!config.isSecurityEnabled() || isUserAdmin(new Username(username))) {
        return true;
    }

    // NOTE(review): findGroup's behaviour for an unknown group name is not visible
    // here; confirm it throws rather than returning null, since group is dereferenced.
    PipelineConfigs group = config.getGroups().findGroup(groupName);
    if (isUserAdminOfGroup(username, group)) {
        return true;
    }
    return group.hasOperatePermission(username, new UserRoleMatcherImpl(config.server().security()));
}
/**
 * Checks that {@code currentUser} is an administrator.
 *
 * @return {@code true} for an administrator; {@code false} after {@code result}
 *         has been marked forbidden
 */
protected boolean isUserAdmin() {
    boolean admin = securityService.isUserAdmin(currentUser);
    if (!admin) {
        result.forbidden(forbiddenToEdit(), forbidden());
    }
    return admin;
}
/**
 * Decides whether a user may view a pipeline group.
 *
 * <p>Access is granted when security is disabled in the current configuration,
 * when the user is an administrator, when the user administers the group, or
 * when the group grants view permission.
 *
 * @param userName          the user being checked, as a plain string
 * @param pipelineGroupName the pipeline group to look up in the current configuration
 * @return {@code true} when any of the conditions above holds
 */
public boolean hasViewPermissionForGroup(String userName, String pipelineGroupName) {
    CruiseConfig config = goConfigService.getCurrentConfig();
    if (!config.isSecurityEnabled()) {
        // With security disabled nothing is checked: every user is allowed.
        return true;
    }

    CaseInsensitiveString login = new CaseInsensitiveString(userName);
    if (isUserAdmin(new Username(login))) {
        return true;
    }

    // NOTE(review): confirm findGroup throws for an unknown name rather than
    // returning null; group is dereferenced below.
    PipelineConfigs group = config.getGroups().findGroup(pipelineGroupName);
    if (isUserAdminOfGroup(login, group)) {
        return true;
    }
    return group.hasViewPermission(login, new UserRoleMatcherImpl(config.server().security()));
}
/**
 * Adds the {@code ROLE_SUPERVISOR} authority to {@code authorities} when the
 * named user is an administrator.
 *
 * @param username    login name, wrapped in a {@code CaseInsensitiveString} for the lookup
 * @param authorities the set to extend; left untouched for non-administrators
 */
private void checkAndAddSuperAdmin(String username, Set<GrantedAuthority> authorities) {
    Username candidate = new Username(new CaseInsensitiveString(username));
    if (!securityService.isUserAdmin(candidate)) {
        return;
    }
    authorities.add(GoAuthority.ROLE_SUPERVISOR.asAuthority());
}
}
/**
 * Reports whether at least one of the given user names belongs to an administrator.
 *
 * @param enabledUserNames the user names to test, checked in list order
 * @return {@code true} as soon as one name is an administrator; {@code false} if none is
 */
private boolean userNameListContainsAdmin(List<String> enabledUserNames) {
    // anyMatch stops at the first administrator, like an early-return loop.
    return enabledUserNames.stream()
            .anyMatch(name -> securityService.isUserAdmin(new Username(new CaseInsensitiveString(name))));
}
/**
 * Allows the operation to continue only for administrators and group administrators.
 *
 * @param cruiseConfig not consulted by this check
 * @return {@code true} when {@code currentUser} is an administrator or a group
 *         administrator; otherwise {@code false}, after {@code result} has been
 *         marked forbidden
 */
@Override
public boolean canContinue(CruiseConfig cruiseConfig) {
    if (securityService.isUserAdmin(currentUser) || securityService.isUserGroupAdmin(currentUser)) {
        return true;
    }
    result.forbidden(forbiddenToEdit(), forbidden());
    return false;
}
}
/**
 * View-permission check that rejects unknown pipelines before asking the
 * security service.
 *
 * @param pipelineName the pipeline being requested
 * @param username     the user being checked
 * @return {@code true} for an administrator or a user with view permission on the pipeline
 * @throws RecordNotFoundException when no pipeline with that name exists
 */
private boolean hasViewPermissionWorkaroundForNonExistantPipelineBug_4477(CaseInsensitiveString pipelineName, Username username) {
    // The existence check must stay ahead of the permission check:
    // hasViewPermissionForPipeline returns true when the group or pipeline does not exist.
    boolean pipelineExists = goConfigService.hasPipelineNamed(pipelineName);
    if (!pipelineExists) {
        throw new RecordNotFoundException();
    }
    return securityService.isUserAdmin(username)
            || securityService.hasViewPermissionForPipeline(username, pipelineName.toString());
}
/**
 * Returns the server information as a JSON-style map, for administrators only.
 *
 * @param username the requesting user
 * @param result   receives a forbidden outcome when the user is not an administrator
 * @return the map built by {@code serverInfoAsJson()}, or {@code null} when access
 *         is denied; callers must check {@code result} before using the return value
 */
public Map<String, Object> asJson(Username username, LocalizedOperationResult result) {
    if (securityService.isUserAdmin(username)) {
        return serverInfoAsJson();
    }
    result.forbidden(LocalizedMessage.forbiddenToEdit(), HealthStateType.forbidden());
    return null;
}
/**
 * With an administrator as the user and the plugin finder returning a single
 * {@code CombinedPluginInfo} built by the no-argument constructor, the context
 * must carry {@code showAnalyticsDashboard = false}.
 */
@Test
void shouldNotShowAnalyticsDashboardPluginIsNotPresent() {
    Map<String, Object> model = new HashMap<>();
    // The two stubs are independent of each other.
    when(pluginInfoFinder.allPluginInfos(PluginConstants.ANALYTICS_EXTENSION)).thenReturn(Collections.singletonList(new CombinedPluginInfo()));
    when(securityService.isUserAdmin(any(Username.class))).thenReturn(true);

    VelocityContext context = initialContextProvider.getVelocityContext(model, dummySparkController.getClass(), "viewName");

    Object dashboardFlag = context.internalGet("showAnalyticsDashboard");
    assertThat(dashboardFlag).isEqualTo(false);
}
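/**
 * Builds the view model for the agents page.
 *
 * <p>The model is a plain {@code HashMap}. Double-brace initialization would
 * create an anonymous {@code HashMap} subclass that keeps a reference to this
 * controller.
 *
 * @param request  unused
 * @param response unused
 * @return a {@code ModelAndView} for {@code agents/index.vm} carrying the view
 *         title, the admin flag and the analytics-icon flag
 */
public ModelAndView index(Request request, Response response) {
    HashMap<Object, Object> object = new HashMap<>();
    object.put("viewTitle", "Agents");
    // NOTE(review): this flag only informs the template; presumably the endpoints
    // behind the page enforce admin rights themselves - confirm.
    object.put("isUserAnAdmin", securityService.isUserAdmin(currentUsername()));
    object.put("shouldShowAnalyticsIcon", showAnalyticsIcon());
    return new ModelAndView(object, "agents/index.vm");
}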
/**
 * Request guard that admits administrators and group administrators.
 *
 * <p>No check is made when security is disabled: every request passes.
 *
 * @param request  unused by this check
 * @param response unused by this check
 * @throws RuntimeException the exception produced by {@code renderForbiddenResponse()}
 *                          when the current user holds neither role (exact type
 *                          is not visible here)
 */
public void checkAdminUserOrGroupAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    if (securityService.isUserAdmin(currentUsername())) {
        return;
    }
    if (securityService.isUserGroupAdmin(currentUsername())) {
        return;
    }
    throw renderForbiddenResponse();
}
/**
 * With an administrator as the user and the plugin finder returning a
 * {@code CombinedPluginInfo} built from {@code analyticsPluginInfo()}, the
 * context must carry {@code showAnalyticsDashboard = true}.
 */
@Test
void shouldShowAnalyticsDashboard() {
    Map<String, Object> model = new HashMap<>();
    when(securityService.isUserAdmin(any(Username.class))).thenReturn(true);
    // Built before the second stubbing starts, so the fixture helper never runs mid-stub.
    CombinedPluginInfo analyticsPlugin = new CombinedPluginInfo(analyticsPluginInfo());
    when(pluginInfoFinder.allPluginInfos(PluginConstants.ANALYTICS_EXTENSION)).thenReturn(Collections.singletonList(analyticsPlugin));

    VelocityContext context = initialContextProvider.getVelocityContext(model, dummySparkController.getClass(), "viewName");

    Object dashboardFlag = context.internalGet("showAnalyticsDashboard");
    assertThat(dashboardFlag).isEqualTo(true);
}
/**
 * Request guard for template endpoints.
 *
 * <p>Administrators always pass, and no check is made when security is disabled.
 * Otherwise, a request that names a template (the {@code template_name}
 * parameter) requires edit rights on that template, and a request without one
 * requires the general right to view and edit templates.
 *
 * @param request  the incoming request; {@code template_name} is read from it
 * @param response unused by this check
 * @throws RuntimeException the exception produced by {@code renderForbiddenResponse()}
 *                          when the applicable right is missing (exact type is
 *                          not visible here)
 */
public void checkAdminOrTemplateAdminAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    if (securityService.isUserAdmin(currentUsername())) {
        return;
    }

    String templateName = request.params("template_name");
    boolean permitted;
    if (StringUtils.isBlank(templateName)) {
        // No specific template: fall back to the general template right.
        permitted = securityService.isAuthorizedToViewAndEditTemplates(currentUsername());
    } else {
        permitted = securityService.isAuthorizedToEditTemplate(new CaseInsensitiveString(templateName), currentUsername());
    }
    if (!permitted) {
        throw renderForbiddenResponse();
    }
}
/**
 * Request guard that admits administrators and users with operate permission
 * on the pipeline group the request refers to.
 *
 * <p>No check is made when security is disabled: every request passes. The
 * admin check uses {@code currentUsername()}, while the group check uses
 * {@code currentUserLoginName()}.
 *
 * @param request  the incoming request; the group name is taken from it by
 *                 {@code findPipelineGroupName}
 * @param response unused by this check
 * @throws RuntimeException the exception produced by {@code renderForbiddenResponse()}
 *                          when operate permission is missing (exact type is
 *                          not visible here)
 */
public void checkPipelineGroupOperateUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    if (securityService.isUserAdmin(currentUsername())) {
        return;
    }

    String groupName = findPipelineGroupName(request);
    boolean mayOperate = securityService.hasOperatePermissionForGroup(currentUserLoginName(), groupName);
    if (!mayOperate) {
        throw renderForbiddenResponse();
    }
}
/**
 * Request guard that admits any kind of administrator: an administrator, a
 * group administrator, or a user authorized to view and edit templates.
 *
 * <p>No check is made when security is disabled: every request passes.
 *
 * @param request  unused by this check
 * @param response unused by this check
 * @throws RuntimeException the exception produced by {@code renderForbiddenResponse()}
 *                          when the current user holds none of the three roles
 *                          (exact type is not visible here)
 */
public void checkAnyAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    // Roles are tested in the same order as a short-circuiting "or" would test them.
    if (securityService.isUserAdmin(currentUsername())) {
        return;
    }
    if (securityService.isUserGroupAdmin(currentUsername())) {
        return;
    }
    if (securityService.isAuthorizedToViewAndEditTemplates(currentUsername())) {
        return;
    }
    throw renderForbiddenResponse();
}